A lot of people on TOR cry about js based onion sites. Can anyone show solid proof that JS will expose you?
If you are making a claim, you must be able to start an onion site and expose anyone who goes on it, if you can't and still shitposting, stfu and leave this board, you don't belong here.
There are some nasty things JS can do >JS can get list of your fonts mostly one in 10000 >HTML5 canvas fingerprint one in 500000 >WebGL canvas fingerprint one in 200000 >JS can scan your local network >JS can identify your OS and architecture even when spoofed (with certain math operations) However Tor Browser turns off many of these by default even for the lowest security setting. Many attacks against Tor were in times where there was no tor browser, through plugin system or weird behaviours like auto-opening pdf or other formats. Beside facebook I haven't heard of any other website doing shit like fingerprinting your mouse movement, typing and how you browse the website in general. This might be just paranoia, but still JS-based. Overall Tor is slow, bad JS can make website big and slow. The website keeps it light and mostly works with JS turned off, then why not.
Charles Foster
really no other useful information than system time
ran it in my tor, not even in tails and it doesn't show jack shit.
>JS is a class of fucking attacks js is the language of the browser engine. it's like calling an exploit in a C language a C class of attacks. Just gtfo
THIS. Could not have said it better myself. Someone please pin this. Only exploits were browser exploits, had nothing to do with JS. Or if you were stupid enough to download lets say a docx file that had remote content.
Browsers nowdays are very secure. I would actually like to see a Chromium based TOR browser (chromium.org/Home) .
Jayden Gray
Of course there's nothing to do with JS, but you shouldn't enable it if you don't want to be fingerprinted while using TOR.
William Gomez
Better safe than sorry. You need to prove it doesn't expose you, not the other way around.
Hudson Nelson
It has happened with people using outdated tor browsers.
However, you're fine if you use a virtual machine like Whonix. Whonix is so fucking easy to setup that there is no reason not to use it.
Daniel Price
Depends on what you browse over TOR. sometimes you might not care about being fingerprinted (they can only link the places you visited where they have fingerprinting in place to a single user), only care that your location stays anonymous.
John Sanders
actually it is the other way around. Needs to be proven that it isn't safe. That's how everything works. All software is safe unless it has a loophole. By your logic, TOR/Tails and everything else isn't safe because it is not really possible to proof 100% they are, since they could still have bugs that are not found.
>he doesnt understand how a non audited binary script could be dangerous
back to the drawing board OP
Blake Rivera
Why is JS even standard now for websites? Why does every website need fucking JavaScript to display information.
What happened to HTML+CSS and (maybe PHP when necessary) ?
Landon Morris
...
Noah Price
>All software is safe unless it has a loophole Not when you're doing shady shit on the deepweb >By your logic, TOR/Tails and everything else isn't safe My point exactly. If it was, you wouldn't see hidden services repeatedly shutdown by the FBI and their owners arrested.
You can take steps to reduce your risk but never for a moment assume TOR or any privacy protecting software is 'safe'
Ryder Diaz
OH NO NOT MY FONTS, HOW WILL I EVER RECOVER WHEN MY FONTS GET EXPOSED TO ALL THE WORLD.
Owen Davis
>Thinking it's about the fonts Meta Fail
Grayson Barnes
>Someone please pin this. go back to r*dd*t
Landon Wilson
who need JS ?
Nathaniel Gonzalez
> blaming that on js they are just brute forcing your router. don't put admin:password123 as your password and you'll be fine. i.e. don't be a fucking moron.
Connor Barnes
> not audited binary script > relevant to js did you even read?
html+css only sucks. and PHP is the worst language I have ever came across in my entire life. I rather write assembly code than PHP. It's fucking cancer.
Leo Mitchell
> that pic by that logic shut down all roads do not let anyone outside. That will reduce crime.
Luis Carter
my bad gotten used to discord too much
Landon Sullivan
Actually it is useful when you live under a dictatorship or you're a journalist in an oppressive country. So that pic is just omitting the good purposes Tor can be used for.
Blake Clark
>TOR It's Tor you mong
Easton Nelson
Everyone concerned with OPSec at any level really should operate on, as Schneier calls it, the conspiracy model Nothing is safe and everyone is out to get you, you can't assume things for your own convenience On a general basis though, I doubt that your average person would actually need to worry about that I just block (some) JS that is completely useless to a site, eg doubleclick.net and the like Also some that is necessary to the site, if the site itself is bloat incarnate (CNN.com)
Zachary Edwards
The Onion Router i.e. TOR. just cause Tor is easier to write doesn't make it true you abomination of humanity.
Isaiah Ward
Tor has to have time be perfectly synchronized. This means local time can be used in pinpointing user location. UTC or bust.
Camden James
>brute forcing >default password
Choose one
Cooper Wright
>people still don't know the difference between LARP and RP
or is this some new dank meme I missed while I was away
Mason Reyes
>using the web 2.0 botnet
Ryder Ortiz
can be used to pinpoint user's country. That's it.
Andrew Roberts
not using the best voice chat app I have ever come across for vidya. or maybe you have no friends to talk to
Josiah Rodriguez
Enjoy your Facebook Messenger Gaymen Edition
Jeremiah Morales
No one who knows what they're talking about spells it that way.
Thomas Mitchell
At first I thought op was a troll but damn nobody can seem to dispute him. I guess JavaScript isn't that bad after all. It was just a boogeyman meme.
Easton Carter
You idiot, it takes a vulnerability to expose you, not the use of JS. Otherwise it would have been off by default. The vulnerability could be inside JS engine or in other areas in the browser. JS could make exploiting those other vulnerabilities possible or easier (at least that was the case before).
Nathan Williams
im sure someone will drop an 0day just to prove you wrong, OP, faggot
Caleb Thompson
It's Tor, and Tor wont stop you from having bad opsec or being an idiot, which is the #1 reason hidden services get shut down
Logan Jenkins
>Can anyone show solid proof that JS will expose you?
Do you know what JS is?
Joshua Bailey
Lel. Sure if you are a eurofag. Plenty of countries span more than one time zone. Even then it can be used to find the closest NTP server.
Caleb Walker
It does not need to be full exposure. It only need to track you even partially in order for a sane person to disable it. Moreover most browser security issues are related to JS so this is a good reason by itself to disable it.
Anyhow, with js you can track the movements that one does with the mouse, tab focus, clicks, and many other things.
Hudson Hill
>Someone please pin this ???
>Chromium Why? It's shit with a lot of tabs. Also, why would you link it? Everyone here knows about it.
Colton Scott
She was one of the people that were shitting on djb and were against appelbaum.
Oliver Ward
>Needs to be proven that it isn't safe. That's how everything works. lie.
easily demonstrated lie, at that.
Julian Gutierrez
it's a security vector that's been exploited many times. The fact that they leave it enabled by default should tell you alot about them.
Jose Foster
kys
Easton Gutierrez
Well, what are you waiting for? Go ahead and enable it while browsing sketchy .onion sites.
I'll see your news article on the DailyMail in approximately 2 months. Enjoy.
Jaxson Morales
does my palm smell like strawberries to you?
Luke Bennett
most attacks on tor were done by idiots that logged in in sites like facebook and twitter. Just leave a honeypot server as an exit node open and you will get results. The thing is that social media idiots are not using always tor, so even with a warrant to an ISP or facebook you can cross reference IPs and identities
Jayden Stewart
the freedom hosting takedown proved that js is insecure
if any of you retards stopped shitposting long enough to read one article then you would know this. a thread died just so someone could make a fool of himself
Chase Lee
> duur huur, what is penetration testing > oh we try to break things to prove they are 100% they are safe are you dumb? just kill self. you can never prove anything non mathematical is 100% unbreakable.
Jordan Wright
been doing that for years and still out of the papers. only idiots who don't actually know the issue disable it to pretend they are safe. the most common attacks on deanonymising doesn't even involve JS!
Cooper Wood
Pretty dumb statement to counter his proposition cause you have all the tools available to you to provide a claim.
Brody Clark
> being this retarded Only users who did update were affected!
Chase Roberts
(you)
shit thread op
Carson Perry
Checked
Juan Morris
Why do people keep referring to TOR as a browser?
Jordan Lee
> Yeah I'm aware that stop selling alchool would significantly decrease death by car crashes. > Yeah I'm aware than stop selling knifes would significantly decrease death by stab. > Yeah I'm aware that stop allowing weapons would significantly decrease homicides. > Yeah I'm aware than stop selling cars would significantly decrease car crashes.
Brody Collins
Tor and Tor Browser are separate things. Tor Browser is a fork of Firefox, that uses the Tor network by default, and which also has a great number of privacy changes.
Tor Browser is the recommended way to use Tor, and if you use Tor through a different network you may be compromising yourself by making yourself more trackable.